Programmable devices—such as internet of things (IoT) devices, mobile computing devices, desktop computing devices, and cloud computing devices—can make up a computer network of interconnected programmable devices (hereinafter “a computer network”). A user operating one of these programmable devices may have to be authenticated before access is granted to the computer network.
Authentication can be defined as one or more processes used to verify the identity of a user attempting to access a secure computer network. In general, authentication includes comparing identity data (provided by the user attempting to gain access to the secure computer network) to stored information comprising authorized users' information.
Conceptually, identity data can be broken up into three authentication factors—(i) a knowledge factor, which is information known to the user (e.g., a password, a username, etc.); (ii) an ownership factor, which is a physical or virtual object possessed by the user (e.g., an identification card, a security token, a software token, a hardware token, a device with a hardware and/or software token, etc.); and (iii) an inherence factor, which is an intrinsic characteristic of a user (e.g., fingerprint, retinal pattern, DNA sequence, face, voice, unique bio-electric signals, other biometric identifier, etc.).
Based on the factors above, there are different types of authentication: single-factor authentication, two-factor authentication, and multi-factor authentication. The higher the number of authentication factors used in an authentication technique, the stronger the technique will be and the less prone it will be to security compromises (e.g., man-in-the-middle attacks, etc.).
Many organizations use single-factor, two-factor, and/or multi-factor authentication for granting access to their secured systems. One issue associated with these techniques of authentication is their inability to take context or risk into account when attempting to authenticate an individual. For example, an authentication technique will always require a user's username and password regardless of whether the user is accessing an organization's information system from a secure terminal (e.g., an organization-approved computer system, etc.) or from an unsecure terminal (e.g., the user's personal computer system, etc.).
Even though a secure network that always requires the use of one or more factors for access may protect against unauthorized access, such a system may also be an inefficient system. For example, a significant amount of resources (e.g., human resources, computer resources, etc.) must be maintained and deployed each time a user attempts to access the secure network. As the number of users with authenticated access to such a system increases, the amount of resources associated with authentication can increase significantly.